Atlanta | Apr. 17, 2017 — Consumer electronics and IoT devices are challenging to secure because they rely on low-power processors with limited options for security software. A lack of standardization across hardware, software, and development environments makes it difficult to deploy or update security software.

Georgia Tech's Rob Callan, a post-doctoral researcher, and Ph.D. Student Farnaz Behrang brought the winning cybersecurity solution with a new approach for detecting malware in embedded devices. The pair landed 1st Place and $5,000 toward commercialization at the Institute for Information Security & Privacy's "Demo Day Finale" with a method to monitor radio frequency emissions ("electromagnetic emanations") and help detect unwanted code or hijacks.

The method first characterizes the electromagnetic emanations generated by software running on an uncompromised device. To protect another device against intrusions, Callan and Behrang continually monitor its EM emanations, and when those differ from the emanations of the uncompromised device, they examine the monitored device for a possible hack. This approach separates (or "air-gaps") the monitor from the device being monitored.

"Healthcare is a dream problem set for this method because countless devices roll in and each from its own maker," says Jeff Garbers, a Demo Day Finale judge and principal at VentureLabs. "These types of devices are rarely updated or known when they are out of compliance, and there is no sensor smart enough to tell if the software inside is failing."

The method by Callan and Behrang is an evolution of work that began under the direction of Georgia Tech faculty Milos Prvulovic and Alenka Zajic, who co-advise Callan in the School of Electrical & Computer Engineering. Knowing that "side channel" emanations could be read from a nearby device, the researchers further explored what the technique might reveal as a preventative measure for nuanced IoT, personal or embedded devices.

"We're grateful for the recognition and feedback, and we look forward to commercializing this research to solve tough cybersecurity problems in the near future," Callan said on behalf of his team.

Also winning $5,000 at Demo Day Finale was Ph.D. Candidate David Formby from the School of Electrical & Computer Engineering for another approach to preventing malware – this time in industrial control systems, such as water plants or utilities. Formby’s software suite won the 2nd Place prize of $3,000 from judges, plus a surprise nab as the audience favorite for the $2,000 People’s Choice Award.

“I was optimistic, but I didn’t expect to win both,” Formby cheerfully said after the event, posing with two prize checks and encircled by congratulatory students.

Formby is expected to graduate in Summer 2017 and already has formed a company, Fortiphyd Logic, to begin commercializing his invention. Callan graduated from Georgia Tech in December 2016 with a Ph.D. in electrical and computer engineering. Behrang is a Ph.D. student in the School of Computer Science, studying software evolution and testing. She is advised by Alessandro Orso.

About Demo Day
Each year, students are invited to compete before venture capitalists and industry leaders at the Institute for Information Security & Privacy's "Demo Day." Students bring initial research ideas to the fall Georgia Tech Cyber Security Summit, where a public vote determines which projects are invited back in the spring. Students return six months later at the Demo Day Finale for a TED-style talk about their developing project. A panel of business leaders and investors from across the United States advises students about future considerations for commercialization. Student research with the best chance of commercialization or demonstrating the most impact toward resolving an information security need receives a cash prize.

"The Institute for Information Security & Privacy wants to move good ideas to market," says Wenke Lee, co-director. "We know industry leans on academic researchers to raise new ideas and we lean on industry to take solutions to the public. Our hope is that by introducing students to business mentors early in the research timeline that we can help them naturally build productive relationships and reduce time to market. All students participating in Demo Day will benefit from the insight and critique of those closest to industry needs today."

1) Ph.D. Student Tianxin Tang presents a method for encrypted database search.
2) Ph.D. Candidate David Formby receives the 2nd Place prize of $3,000 from Co-Directors Bo Rotoloni (L) and Wenke Lee (R).
3) Rotoloni explains that moving university research out to market is one way the Institute for Information Security & Privacy is tackling "the grand challenge of our time" -- cybersecurity.
4) Ph.D. Student Marie Le Pichon was first to present with a method for improving privacy and security compliance challenges in research governing documents.
5) Judges Jeff Garbers, Thiago Olson, and Harold Solomon listen intently as they evaluate commercialization potential and presentation strength.
6) Formby explains a software suite designed to protect industrial control systems, such as water treatment plants or utilities.
7) Nader Sehatbakhsh explains how spectral profiling and monitoring could help detect malware in embedded or IoT devices.
8) Students discuss demonstration posters about cybersecurity concepts for commercialization.
9) Farnaz Behrang and Rob Callan were awarded not only 1st Place, but also high compliments for their presentation delivery.

Up to $5,000 in cash

A spot in Create-X Startup LAUNCH 2018, valued at $70,000

Eligibility for $50,000 from National Science Foundation I-Corps

Musheer Ahmed (Ph.D. CS '16) took home first-place honors in 2016 and has since raised more than $1.5 million for Fraudscope.

Students Farnaz Behrang and Rob Callan won the 2017 Finale.

Jeff Garbers, Thiago Olson, and Harold Solomon judged in 2017.

Demonstration posters show additional project detail at the Finale.

David Formby (Ph.D. ECE '17) took 2nd Place and "People's Choice" honors in 2017 for a software suite called Fortifyd that is designed to protect industrial control systems, such as water treatment plants or utilities, from ransomware.